Prisma Cloud Defenders enforce the policies defined in Console and send
event data up to the Console for correlation. There are several types of
Defenders, and depending on the assets in your environment that require
protection you may end up deploying all of them or a subset. Defenders
support the full variety of workloads in cloud native environments:
Container Defender: This Defender type is deployed as a container on
every asset running containers in your infrastructure.
Host Defender: This Defender type is deployed for Virtual Machines
that do not run containers.
Fargate Defender: This Defender type deploys as part of your Fargate
Serverless Defender: This Defender type deploys as part of your
serverless function and provides Runtime Application Self Protection (App Embedded) capabilites.
Defender can be installed one of the following ways:
One at a time, on each host that you want to protect. Use this
method when you’re not using an orchestrator, or for simple
proof-of-concept environments. You can also install Defenders via
whatever configuration management or automation tools you are
already using, Ansible, Puppet, or Chef for example.
As a orchestrator-native construct. For example, you can deploy
Defender as a DaemonSet in Kubernetes and OpenShift environments or
as a global service in Docker Swarm environments.
Orchestrator-native constructs ensure that Defender is automatically
deployed to every node in the cluster, even as the cluster
dynamically scales up or down.
As a systemd service on hosts that do not have Docker.
As a windows system service on hosts that do not have Docker.
As a part of your Fargate deployment, Serverless function, or other cloud native workload deployment.
By default, Defender establishes a connection to Console on TCP port
8084 but you can customize the port to meet the needs of your
environment. All traffic between the Defender and the console is TLS
To use Prisma Cloud registry scanning capabilities, different container
Defenders in your environment can be designated to scan each registry,
allowing you to balance registry scanning based on geographic or other
concerns; container based Defenders can simultaneously protect its host
and scan registry images. These Defenders must be able to connect to the
registries over the network, and the type (Linux or Windows) must match
the kind of images you want it to scan. If you have a hybrid Linux and
Windows environment, one Defender of each type must be running.
As with Console, Prisma Cloud provides automation in the product to
generate the artifacts required to deploy Defender across a variety of